6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
0.006 Low
EPSS
Percentile
78.3%
The OpenVPN project reports:
In late November 2014 Dragana Damjanovic notified OpenVPN
developers of a critical denial of service security vulnerability
(CVE-2014-8104). The vulnerability allows an tls-authenticated
client to crash the server by sending a too-short control channel
packet to the server. In other words this vulnerability is denial
of service only.